• Sudip Banerjee, Senior Director, Transformation Strategy at Zscaler


• 20.05.2021 05:00 pm
Cloud

The banking and finance industry is changing quickly. As consumers become more comfortable with ecommerce through smartphones and epayments, so too have they begun to expect the same level of service from their banks. This has fuelled the rise of disruptive digital competitors in retail banking –  who put user experience first –  and put older institutions, burdened with legacy systems, at a disadvantage. 

The challenge for older financial organisations is that, although they want to adopt new IT solutions to enable transformation, they’re required to abide by strict policies to meet regulatory standards. This makes them risk averse, so they stick with their legacy IT infrastructure. This reluctance to interfere with their core banking-related IT systems, leads to a hybrid set-up of their IT.

To maximise the potential of the cloud in their hybrid infrastructures, whilst still maintaining the utmost security, there are several steps banks can and should be taking. 

Provide users direct connectivity to the Internet

In the traditional hub-and-spoke networking environments, banks’ central headquarters and branch offices connect to a single corporate network and link to a central private data centre. All data is routed back into the data centre via expensive MPLS backhaul links. 

This approach was sufficient when desktop apps all lived on-premises but doesn’t work when applications have moved to the cloud. The detour from each user via the corporate network to break out to cloud-based applications adds latency and harms the user experience. 

Financial institutions can overcome the latency challenge by giving staff direct connectivity to the Internet and their cloud-based applications.

Consider Zero Trust

The banking sector’s journey to the cloud was halted abruptly by Covid-19. Within a matter of days, thousands of office or branch-based staff were required, and enabled, to work remotely. 

Unfortunately, this transition was not seamless due to organisations’ existing hub and spoke infrastructures and VPN usage. The VPN is a pre-cloud technology an does not provide the most efficient route. Instead, it acts as performance killer. A VPN connection slows down the traffic but also opens the whole network for the user and not just a required application, therefore potentially leading to security issues.

This does not have to be the case though. A Zero Trust based solution can enable granular, direct, and secure user to application access and can be implemented on top of legacy infrastructures.

Look to cloud-based security
Virtual Desktop Infrastructures (VDIs) are used in the financial sector for security and data residency restrictions. VDIs enable remote users to connect to core systems, email, and other applications via bring your own device (BYOD), mitigating issues such as data exposure and theft. 

However, desktop virtualisation is complex and expensive. Furthermore, performance of the virtual desktop can prove an issue for the user, as the transmission of the virtual image is relying on network connectivity. The remote access path once more needs to involve a VPN to allow VDI access and only in a last step provides the app view.

Banks should reconsider the costly and complex setup of a VDI infrastructure. Complementing it with a cloud-based security approach can help to control what the user has access to and adds centralised visibility and control next to a faster and more consistent user experience.